From ff4c7c0b5a6f33f8b0df5a077fac52cdb3878af6 Mon Sep 17 00:00:00 2001 From: fyodor Date: Thu, 14 Jan 2010 19:56:02 +0000 Subject: [PATCH] --- docs/TODO | 53 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/docs/TODO b/docs/TODO index f05e00c95..8811653e4 100644 --- a/docs/TODO +++ b/docs/TODO @@ -1,5 +1,8 @@ weTODO $Id: TODO 11866 2009-01-24 23:10:05Z fyodor $ -*-text-*- +o Decide what to do about Windows 7/Vista and starting NPF. See this + thread: http://seclists.org/nmap-dev/2010/q1/20 + o [NSE] Document Patrick's worker thread patch in scripting.xml (see http://seclists.org/nmap-dev/2009/q4/294, http://nmap.org/nsedoc/lib/stdnse.html#new_thread, @@ -8,23 +11,11 @@ o [NSE] Document Patrick's worker thread patch in scripting.xml (see o Investigate issue with our Pcap and Wireshark x64, as described in this thread: http://seclists.org/nmap-dev/2009/q4/557 [Rob] -o Add feature to http library to let user set the user agent to be - used. The NSEDoc for this feature should probably tell what our - current default user agent is ("Mozilla/5.0 (compatible; Nmap - Scripting Engine; http://nmap.org/book/nse.html") [David] - o Make new stable release o Look at new DB2 script by Tom Sellers. http://seclists.org/nmap-dev/2009/q4/659 -o Look at new Kerberos script from Patrik Karlsson. http://seclists.org/nmap-dev/2009/q4/715 - -o [Ncat] Add SSL support for --exec so you can use SSL to talk to your - remote shell, etc. See this thread: - http://seclists.org/nmap-dev/2009/q4/255, particularly the - implementation sketch at http://seclists.org/nmap-dev/2009/q4/268 [Venkat,David] - o [NSE] HTTP header parsing is not very robust, and is duplicated in a lot of places. For example, it's legal to have header fields like Content-type:\r\n @@ -37,17 +28,6 @@ o Make the nmap.header.tmpl wording a little more generic so it more clearly applies to Ncat, Zenmap, Nping, etc. Then use templatereplace.pl to apply those changes to the code. [Fyodor] -o [NSE] We should do a favicon survey like the one Brandon did for - /favicon.ico files but which uses the favicons specified by the HTML - files rather than just that exact location. For example, insecure.org - sites include in the headers: - - Then we should update our favicon database to include the top ones, - and we should also improve our favicon script so that it either - omits checking /favicon.ico if the HTML-specified one exists, or it - should just download, interpret, and display info for both (right - now it seems to give prority to the wrong one: /favicon.ico). - o Move Zenmap man page from nmap/docs/ to nmap/zenmap/docs to match the man page location for ncat and ndiff. o Don't break packaging/build system @@ -580,6 +560,33 @@ o random tip database DONE: +o [NSE] We should do a favicon survey like the one Brandon did for + /favicon.ico files but which uses the favicons specified by the HTML + files rather than just that exact location. For example, insecure.org + sites include in the headers: + + Then we should update our favicon database to include the top ones, + and we should also improve our favicon script so that it either + omits checking /favicon.ico if the HTML-specified one exists, or it + should just download, interpret, and display info for both (right + now it seems to give prority to the wrong one: /favicon.ico). + + +o [Ncat] Add SSL support for --exec so you can use SSL to talk to your + remote shell, etc. See this thread: + http://seclists.org/nmap-dev/2009/q4/255, particularly the + implementation sketch at http://seclists.org/nmap-dev/2009/q4/268 [Venkat,David] + +o Look at new Kerberos script from Patrik Karlsson. + http://seclists.org/nmap-dev/2009/q4/715 . [We decided not to merge + this one since its usefulness turned out to be limited on Windows and + very limited on any other platform. ] + +o Add feature to http library to let user set the user agent to be + used. The NSEDoc for this feature should probably tell what our + current default user agent is ("Mozilla/5.0 (compatible; Nmap + Scripting Engine; http://nmap.org/book/nse.html") [David] + o On our NSEDoc pages (e.g. http://nmap.org/nsedoc/), perhaps the link text for scripts should not include the ".nse". Basides saving horizontal space, this may improve the sorting so that the likes of